0xmlt
Theo's Typesafe Cult (TTC)
Created by 0xmlt on 7/30/2023 in #questions
bug bounty - escalating HTMLi without XSS?
That's correct, everything between the @import and the next instance of ; char in the page source gets leaked
12 replies
Turns out this technique actually did work.. I just needed to tweak my payload slightly. I did a write-up covering how I got a working PoC if anyone is interested in checking it out: https://0x80dotblog.wordpress.com/2023/08/07/bbp-writeup-series-1-turning-useless-htmli-on-redacted-into-a-p1/
Never mind. I finally managed to get it working.
Or not a "Bypass" per se, but just some method of escalating the HTMLi without XSS
Willing to split 50/50 if someone can help find a bypass I mean
I'm willing to split the payout 50/50 plus am willing to prove it's a real bounty target so that u know it's nothing sketchy..
Wasn't expecting that last one to actually work but just mentioning that I already tried in case someone suggests it.
I've also tried injecting a meta tag already to spoof the page's charset from UTF-8 to UTF-7 or UTF-16 and then injecting my payload using UTF-7 chars or whatever, no luck.. should I just give up? Or can anyone think of anything I can try?